
I have a GKE cluster set up, version 1.24.

I copy the login command from the GKE UI:

```
gcloud container clusters get-credentials gke-123 --zone us-east1-b --project <project>
Fetching cluster endpoint and auth data.
kubeconfig entry generated for gke-123.
```

Running any kubectl command (including version) yields:

```
kubectl version
Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.5", GitCommit:"c285e781331a3785a7f436042c65c5641ce8a9e9", GitTreeState:"clean", BuildDate:"2022-03-16T15:58:47Z", GoVersion:"go1.17.8", Compiler:"gc", Platform:"darwin/arm64"}
Unable to connect to the server: x509: certificate signed by unknown authority
```

```
gcloud version
Google Cloud SDK 415.0.0
bq 2.0.84
core 2023.01.20
gcloud-crc32c 1.0.0
gke-gcloud-auth-plugin 0.4.0
gsutil 5.18
```

kubeconfig entry:

```yaml
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ...
    server: https://...
  name: ...
contexts:
- context:
    cluster: ...
    user: ...
  name: ...
current-context: ...
kind: Config
preferences: {}
users:
- name: ...
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: gke-gcloud-auth-plugin
      installHint: Install gke-gcloud-auth-plugin for use with kubectl by following
        https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke
      provideClusterInfo: true
```

certificate-authority-data seems to be valid.

Appreciate help in resolving this.

Mika R
Check the `certificate-authority-data` field in kubeconfig, which is used by the client side to validate the server certificate. That is because the k8s API server, in GKE's case, does not use a public CA; the CA is [generated for each cluster](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-trust#root_of_trust). Refer to similar [SO1](https://stackoverflow.com/questions/67723381/how-to-put-self-signed-certificate-to-each-node-of-gke-cluster/67724696#67724696) and [SO2](https://stackoverflow.com/questions/36939381/x509-certificate-signed-by-unknown-authority-kubernetes) for more info. – Veera Nagireddy Jan 27 '23 at 12:05
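
As an added example (not part of the original question or comment), the check the comment describes can be done by hand: decode `certificate-authority-data` from the kubeconfig and test whether a certificate presented by the endpoint verifies against that CA alone. The function names, file names and CNs below are assumptions, and the certificates are constructed fixtures generated locally with `openssl`.

```shell
#!/usr/bin/env bash
# Added example; all names, paths and certificates here are constructed.

# Decode the first certificate-authority-data value in a kubeconfig to PEM.
kubeconfig_ca() {                      # $1 = kubeconfig path
  awk '$1 == "certificate-authority-data:" { print $2; exit }' "$1" |
    openssl base64 -d -A
}

# Return 0 if the presented certificate ($2) verifies against the CA pinned in
# the kubeconfig ($1); otherwise print its issuer and return 1.
check_server_cert() {
  local tmp rc=0
  tmp=$(mktemp -d)
  mkdir "$tmp/empty"
  kubeconfig_ca "$1" > "$tmp/ca.pem"
  # -CApath points at an empty directory so the system trust directory is not
  # consulted: only the kubeconfig's CA may vouch for the certificate.
  if openssl verify -CAfile "$tmp/ca.pem" -CApath "$tmp/empty" "$2" >/dev/null 2>&1; then
    echo "OK: certificate chains to the kubeconfig CA"
  else
    echo "MISMATCH: presented issuer: $(openssl x509 -in "$2" -noout -issuer)"
    rc=1
  fi
  rm -rf "$tmp"
  return "$rc"
}

# Build constructed fixtures in directory $1: a cluster CA, a server
# certificate it signed, an unrelated self-signed certificate, and a
# kubeconfig fragment that pins the cluster CA.
make_fixture() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-cluster-ca" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-apiserver" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
  openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-other-issuer" \
    -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
  printf 'clusters:\n- cluster:\n    certificate-authority-data: %s\n' \
    "$(openssl base64 -A -in "$d/ca.pem")" > "$d/kubeconfig"
}

d=$(mktemp -d); make_fixture "$d"
check_server_cert "$d/kubeconfig" "$d/srv.pem"
check_server_cert "$d/kubeconfig" "$d/other.pem" || true
```

Against a real cluster, pass the kubeconfig path and a PEM file holding the certificate the `server:` endpoint actually presents; a MISMATCH line names the issuer that kubectl is refusing to trust.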

0 Answers